A 24-year-old man from Giesbeek was sentenced by the District Court of Central Netherlands to a prison sentence of 2 years, of which 1 year was suspended. For three and a half years the man, together with another person, collected millions of (stolen) log-in data and sold them on a website with the purpose of committing computer crimes. They then laundered the money they earned by using various methods to channel it to bank accounts and accounts.
In July 2019, the United Kingdom's National Crime Agency launched an investigation into the website www.weleakinfo.com. This revealed that the website's administrators were trading in millions of login details, taken from data breaches of a large number of (hacked) websites. Visitors to the website could buy these login details. During this investigation, the suspect came into view, after which the Dutch police also launched an investigation. The suspect acknowledges that he was involved with the website, but he states that he had no criminal intentions. In addition, he denies being guilty of laundering the earnings.
According to the defendant, the website was only there to warn people that their login information was online, but the court does not believe this. Among other things, the way the website was marketed shows that the defendant and his co-perpetrator were selling the login information with the goal of having people commit computer crimes with it. For example, they advertised on a website that gave visitors information about hacking. The website also offered a service to crack encrypted passwords. Finally, chat conversations found on the suspect's phone revealed that he and his co-perpetrator talked about rewriting their website's terms of service so they could deny everything. In another conversation they said, 'they think we're legit' (legit) to which they responded with: 'Lol' (laughing out loud). From these messages, the court deduces that the defendant and his co-perpetrator tried to cover themselves with lies and apparently did not think We Leak Info was "legit.
The actions of the defendant and his co-perpetrator allowed others to learn about sensitive (personal) data not intended for them. This damaged the trust in internet traffic. The court blames the defendant very seriously and sentences him to two years' imprisonment, of which one year is suspended. The public prosecutor had demanded 2 years of unconditional imprisonment, but the court felt that a substantial suspended prison sentence was also necessary to prevent the defendant from committing the offence again in the future. The suspect must repay the money he earned, almost €110,000, to the State.
